<?php
if(!defined('IN_SITE')) exit('Access Denied');
$db->table="message";
switch($do)
{
	case 'setTop':
		if($_SESSION["___isadmin"]) {
			$id= post('id');
			if($id) {
				$topMessage = $db->SelectS('SELECT * FROM message WHERE istop=1',1);
				if($topMessage['id']) {
					$v['UpdateStr'] = array('istop'=>0);
					$v['where'] = 'id='.$topMessage['id'];
					if($db->Update($v)){
						$v['UpdateStr'] = array('istop'=>1);
						$v['where'] = 'id='.$id;
						if($db->Update($v)){
							$errorFlag = 'S';
						}
						else {
							$errorFlag = 'E';
						}
					}
					else {
						$errorFlag = 'E';
					}
				}
				else {
					$v['UpdateStr'] = array('istop'=>1);
					$v['where'] = 'id='.$id;
					if($db->Update($v)){
						$errorFlag = 'S';
					}
					else {
						$errorFlag = 'E';
					}
				}
			}
			else {
				$errorFlag = 'E';
			}
		}
		else {
			$errorFlag = 'Access Deny';
		}
		echo $errorFlag;
		exit;
	break;
	case 'unsetTop':
		if($_SESSION["___isadmin"]) {
			$id= post('id');
			if($id) {
				$v['UpdateStr'] = array('istop'=>0);
				$v['where'] = 'id='.$id;
				if($db->Update($v)) {
					echo 'S';
				}
				else {
					echo 'E';
				}
			}
			else {
				echo 'E';
			}
		}
		else {
			echo 'Access Deny';
		}
		exit;
	break;
    case "save":
		if($_SESSION["___isadmin"]) {
	    	$adminInfo= $db->SelectS("select * from systemuser where id=".$_SESSION["___isadmin"],1);
	    	$adminInfo['headpic'] = $adminInfo['headpic'] ? $adminInfo['headpic'] : 'upload/headicons/1.jpg';
    	}
    	else {
	    	$ipInterval = $CONFIGURE['ipInterval'] ? $CONFIGURE['ipInterval'] : 0;
	    	if($ipInterval) {
	    		$message=$db->SelectS("select * from message where ip='".getIP()."' ORDER BY id DESC",1);
	    		if($message['createtime'] && (time()-$message['createtime'])<$ipInterval) {
	    			echo 'PE';//Permission Error
	    			exit;
	    		}
	    	}
    	}
    	$content = post("content");
    	if($content) {
    		$nickname = trim(post("nickname")) ? trim(post("nickname")) : '匿名';
	        $headIcon = $_SESSION["___isadmin"] ? '' : post("headicon");
	        $ispower = post("ispower");
	        $fid = post("fid");
			//替换表情
			$faces = include(FILE_ROOT.'/include/face.inc.php');
			foreach($faces as $faceKey=>$faceItem) {
				$content = str_replace('[' . $faceKey . ']','<img alt="' . $faceKey . '" src="' . $faceItem . '">',$content);
			}
	        $content = nl2br($content);
	        //插入数据库
	        $insertData = array(
	        	'headpic'=>$headIcon,
	        	'nickname'=>$nickname,
	        	'qq'=>post("qq"),
	        	'ispower'=>intval($ispower),
	        	'poster'=>$_SESSION["___isadmin"] ? $_SESSION["___isadmin"] : 0,
	        	'content'=>$content,
	        	'createtime'=>time(),
	        	'ip'=>getIP(),
	        	'fid'=>$fid ? $fid : 0
	        );
	        if($db->Insert($insertData) !== FALSE) {
	        	$lastInsertId = $db->insert_id();
	        	$where = 'id='.$lastInsertId;
	        	$lastData = $db->Select(array('where'=>$where));
				if($_SESSION["___isadmin"]) {
					$lastData[0]['___isadmin'] = true;
					$posterInfo = $db->SelectS("select * from systemuser where id=".$_SESSION["___isadmin"],1);
					$lastData[0]['posterName'] = $posterInfo['username'];
					$lastData[0]['headpic'] = $posterInfo['headpic'];
				}
				else {
					$lastData[0]['___isadmin'] = false;
				}
				//关键字过滤
		        if(is_array($CONFIGURE["filter"])) {
		            foreach($CONFIGURE["filter"] as $o) {
		                $lastData[0]["content"] = str_ireplace($o,"*",$lastData[0]["content"]);
		                $lastData[0]["nickname"] = str_ireplace($o,"*",$lastData[0]["nickname"]);
		            }
		        }
				$lastData[0]["createtime"] = date("Y-m-d H:i",$lastData[0]["createtime"]);
				$lastData[0]["content"] = str_ireplace(array("<br>", "<br/>", "<br />"), "</p><p>", $lastData[0]["content"]);
	        	echo json_encode($lastData[0]);
	        }
	        else {
	        	echo 'error';
	        }
    	}
    	else {
    		echo 'error';
    	}
        exit;
    break;
    case "del":
    	if($_SESSION["___isadmin"]) {
	    	$id = post('id');
	    	if($id) {
		    	$comments = $db->SelectS('select id from message where fid IN ('.$id.')');
		    	foreach($comments as $comment) {
		    		$fids .= $comment['id'].',';
		    	}
		    	$ids = $fids.$id;
		    	if($db->Delete('WHERE id IN ('.$ids.')')) {//删除信息
		        	echo 'S';
		        }
		        else {
		        	echo 'E';
		        }
	    	}
	    	else {
	    		echo 'E';
	    	}
    	}
    	else {
    		echo 'Access Deny';
    	}
        exit;
	break;
    case 'nextMessage' :
    	if($_SESSION["___isadmin"]) {
	    	$id = post('id');
	    	$nextMessage = $db->SelectS('select * from message where id < '.$id.' and fid=0 and poster=0 ORDER BY id DESC LIMIT 1');
			if($nextMessage[0]) {
				$nextMessage[0]['createtime'] = date("Y-m-d H:i",$nextMessage[0]["createtime"]);
				$nextMessage[0]['___isadmin'] = true;
				$nextMessage[0]["content"] = str_ireplace(array("<br>", "<br/>", "<br />"), "</p><p>", stripslashes($nextMessage[0]["content"]));
			}
	    	echo json_encode($nextMessage[0]);
		}
    	else {
    		echo 'Access Deny';
    	}
        exit;
	break;
	case 'nextAdminMessage' :
		if($_SESSION["___isadmin"]) {
			$id = post('id');
	    	$nextMessage = $db->SelectS('select * from message where id < '.$id.' and fid=0 and poster>0 ORDER BY id DESC LIMIT 1');
	    	if($nextMessage[0]) {
	    		$nextMessage[0]['createtime'] = date("Y-m-d H:i",$nextMessage[0]["createtime"]);
	    	}
	    	echo json_encode($nextMessage[0]);
		}
    	else {
    		echo 'Access Deny';
    	}
        exit;
	break;
    case 'page':
    	require_once('include/page.inc.php');
    	$start = post('start');
    	$where = "fid=0 and poster=0";
    	if($start) {
    		$where .= ' and id<='.$start;
    	}
        /*if(!$_SESSION["___isadmin"]) {
            $where.=" and ispower=0";  //ispower:是否只针对管理员
        }*/
        $page = new Page(array(
			'table'=>"message",
			'pagesize'=>$CONFIGURE["pagesize"],
			'page'=>post('page'),
			'key'=>'id',
			'where'=>$where,
			'page_record'=>"条留言"
        ));
        $page->pages();
        $pagestr = $page->SetPageStr();
        echo $pagestr;
        exit;
    break;
    case 'checkResetPassword' :
		$username = post('username');
		$user = $db->SelectS("SELECT * from systemuser WHERE username='".$username."' AND question!=''",1);
		if($user) {
			echo json_encode($user);
    	}
    	else {
    		echo 'E';//添加用户失败
    	}
		exit;
	break;
	case 'resetPassword' :
		$username = post('username');
		$question = post('question');
		$answer = post('answer');
		$user = $db->SelectS("SELECT * FROM systemuser WHERE username='".$username."' AND question='".$question."' AND answer='".$answer."'",1);
		if($user) {
			if($db->query("UPDATE systemuser SET password='".md5('123456')."' WHERE username='".$username."'")) {
				echo 'S';
			}
			else {
				echo 'E';
			}
    	}
    	else {
    		echo 'E';//添加用户失败
    	}
		exit;
	break;
    default:
        exit("<script language='javascript'>history.back();</script>");
    break;
}

?>